<?php
/**
 * @brief Login validator.
 *
 * @license		http://www.gnu.org/licenses/gpl-3.0.txt GNU General Public License
 * @copyright	2008 David Singer
 * @author		David Singer <david@ramaboo.com>
 * @version		1.0.0
 */

require_once('../../includes/common.php');

$username = strtolower(trim($_POST['username']));
$password = $_POST['password'];
$result = true;

$dom = new DomDocument('1.0', 'UTF-8');
$response = $dom->appendChild(new DOMElement('response'));

$errors = $dom->appendChild(new DOMElement('errors'));
$response->appendChild($errors);

if ($username != USERNAME) {
	$field = $dom->appendChild(new DOMElement('field'));
	$errors->appendChild($field);
	
	$id = $dom->appendChild(new DOMElement('id', 'username'));
	$field->appendChild($id);
	
	$msg = $dom->appendChild(new DOMElement('msg'));
	$msg_cdata = $dom->createCDATASection("Invalid username. <br /><i>The username you entered was not found.</i>");
	$msg->appendChild($msg_cdata);
	$field->appendChild($msg);
	
	$result = false;
}

if ($password != PASSWORD) {
	$field = $dom->appendChild(new DOMElement('field'));
	$errors->appendChild($field);
	
	$id = $dom->appendChild(new DOMElement('id', 'password'));
	$field->appendChild($id);
	
	$msg = $dom->appendChild(new DOMElement('msg'));
	$msg_cdata = $dom->createCDATASection("Invalid password. <br /><i>The password you entered did not match our records.</i>");
	$msg->appendChild($msg_cdata);
	$field->appendChild($msg);
	
	$result = false;
}

if ($result) {
	$response->setAttributeNode(new DOMAttr('success', 'true'));
	session_regenerate_id();
	$_SESSION['auth'] = true; // setup cookie
} else {
	$response->setAttributeNode(new DOMAttr('success', 'false'));
	$_SESSION['auth'] = false; // just in case
}

$output = $dom->saveXML(); 
header_no_cache(strlen($output), 'text/xml');
echo $output;
?>